I have notice a very severe nonpaged kernel memory leak in netio.sys when nod32 v4 is installed on my vista sp2 machine. I believe it also occurred when sp1 was installed, I just didn't bother investigating.

I discovered that by using the windows built in driver verifier. After a day of working and some large downloads, the nonpaged kernel memory pool reaches hundreds of MBs in size when nod32 is installed. From the verifier I seen that the memory is reserved by netio.sys. And since Nod is the only net monitor software I have installed, I guessed that it's probably the cultpit. After uninstalling and reinstalling twice I can confirm that it only occurs when it is installed. I have noticed similar behaviour on my vista sp2 laptop.

Has anyone noticed something like that?

It's been very rare, but although I have not personally experienced it, I have witnessed it before on these forums in screenshots, without an explanation, so it's a possibility.

What would a suggested solution be?

I tried finding a way to submit a bug report on eset's site, but didn't find anything of that sort.

I didn't expect an explanation, but I would very much recommend someone informs ESET about this bug. This is a very major stability bug, and about half the stability complaints on this page could be related to this.

Hello,
does disabling HTTP/POP3 filtering make a difference? What hardware do you use? (amount of RAM, CPU, platform - x86/x86-64) What edition / version of Vista is it? (e.g. Ultimate, 64-bit)

I don't use Pop3, only web based mail.

I have core2Duo 6600, 3GB RAM, vista 32bit SP2

I didn't try disabling HTTP filtering. I'll reinstall it and try it out.

Hello,

What brand and model of network interface card are you using, and which version of drivers for it?

Regards,

Aryeh Goretsky

I have an Asus p5k Board, and I tried using the drivers from the asus page and the drivers from windows update. Changing between them has no effect.

(the NIC is Atheros L1 Gigabit controller)

Turning off both pop3 filtering and http filtering from the advanced options interface had no effect on the leak.

I can confirm this, I have the exact same symptoms.

After downloading large amounts of data, the kernel's nonpaged memory increases to over 1.3GB and my total RAM usage reaches 95% (out of 2GB).

This is a very serious bug as my system becomes almost unusable when the memory is maxed out. The only way to fix it is to reboot, resume downloads and wait for the same problem to re-occur.

-{ Quote: "I can confirm this, I have the exact same symptoms.

After downloading large amounts of data, the kernel's nonpaged memory increases to over 1.3GB and my total RAM usage reaches 95% (out of 2GB).

This is a very serious bug as my system becomes almost unusable when the memory is maxed out. The only way to fix it is to reboot, resume downloads and wait for the same problem to re-occur." }-

Thanks for the confirmation JMZ.

As I suspected it's a major bug that can cause all manners of seemingly unrelated system instability. The ESET process itself doesn't seem to have lots of allocated memory , but as I said, it causes a memory leak in netio.sys. I only noticed it because I'm a programmer myself, I'm sure many random stability and connectivity issues reported by other users are related to this.

My ESET subscription has run out so I can't further investigate this issue. I'll renew it when I see that this major bug is resolved.

-{ Quote: "Thanks for the confirmation JMZ.

As I suspected it's a major bug that can cause all manners of seemingly unrelated system instability. The ESET process itself doesn't seem to have lots of allocated memory , but as I said, it causes a memory leak in netio.sys. I only noticed it because I'm a programmer myself, I'm sure many random stability and connectivity issues reported by other users are related to this.

My ESET subscription has run out so I can't further investigate this issue. I'll renew it when I see that this major bug is resolved." }-


I wonder if this is the issue that is causing the issue I have seen with Windows Vista, and 2008 Server where the system goes into a deadlock state.. You go to the machine, and cannot do anything to it other than a power cycle. I watched my Vista machine at home take 10-15 minutes to ctrl-alt-del, and my 2008 Server do this.. This issue never happened on V3.. Therefore I stay away from V4 on 2008 Server at the moment..

Can you do a clean uninstall of what you got, and try the 4.0.437 version to see if it is fixed?

JmZ or GreatWizard, can you give some range as to what "downloading large amounts of data" means, are you talking MBs, GBs, or ?

-{ Quote: "JmZ or GreatWizard, can you give some range as to what "downloading large amounts of data" means, are you talking MBs, GBs, or ?" }-


GBs, but also, playing online games for a few hours. The memory leak occures and starts growing all the time. it can reach 100-200 MBs in several hours of simple browsing - it's just not a noticeable performance hit until it grows beyond that, on a modern desktop.

-{ Quote: "I wonder if this is the issue that is causing the issue I have seen with Windows Vista, and 2008 Server where the system goes into a deadlock state.. You go to the machine, and cannot do anything to it other than a power cycle. I watched my Vista machine at home take 10-15 minutes to ctrl-alt-del, and my 2008 Server do this.. This issue never happened on V3.. Therefore I stay away from V4 on 2008 Server at the moment..

Can you do a clean uninstall of what you got, and try the 4.0.437 version to see if it is fixed?" }-

My account has run out, but what you describe is exactly what happens when such a memory leak occured. you can see it in the performance tab of the task manager. Just look at the non-paged kernel memory. If it steadlily grows far beyond the initial 30-40 MB it is on boot-up then you have it too.

I noticed this for the first time on 1 of the PC's on a network when I was removing ESET's software. The PC itself had been on most of the day with several people having used it (no reboot). Probably not helpful, but I doubt this bug will ever be fixed so there it is anyway.

does anyone have a work around/fix/responce from ESET about this? at the moment i have 1209MB of unpaged kernal memory used, is making the system rather unstable

same problem in a machine with the nic nVIDIA Networking Controller (chipset nforce4 430).

nonpaged memory just runs to the limit and the system freezes. The problem is the driver ntdio.sys, when downloading it raises.

quick fix before i uninstall nod32 v4?

havent found any work around, but was experenceing the same problem with NAV

lol, i've just see that the same bug is in my personal pc, with a marvell yukon network card (chipset intel p35).

my workaround in my pc is to disable the http scan.

i hope eset will see this and fix soon. Normal user with large quantities of ram ( >3GB) doesn't see the bug because in the normal use the user itself doesn't do much download.

The problem is that the driver netio.sys in combination with eset 4 when you download something it eats your ram and it doesn't release.

Yeap 1.9 GB after downloading about 7.2 Gb.
Running:
Vista Ultimate SP2 latest patches.
Downloaded, INstalled and running 4.0.467
YAY.

Seeing that the original problem was presented in MAY of this year on the 24th and now is SEPTEMBER the 23rd so it's been a good 4 months without any further peep from ESET beyond the initial HELLO I am safe to assume that so far they are employing "If we keep quiet and lay on it, they will go away, since after all how many regular users check nonpaged Memory?"

Just put the newest v4 467 on, i5, 4gig ram, windows 7 RTM, and the memory leak is still there. It's very bad. No word for eset, what a shame..........might have to try a new AV if they can admit/fix the issue.

-{ Quote: "

i hope eset will see this and fix soon. Normal user with large quantities of ram ( >3GB) doesn't see the bug because in the normal use the user itself doesn't do much download.

The problem is that the driver netio.sys in combination with eset 4 when you download something it eats your ram and it doesn't release." }-

Don't hold your breath....it's been reported many times since MARCH this year, now SEPTEMBER, and still around. Nice quality control.

What about version 3.0.694 ? Do you experience this ?

I am currently enabled to test because of lack of Vista

vista sp2 and nod32 v4 latest.
this case this exists. it probably has to do with monitoring of the system.

Sad to see this still exists. I am not using eset since I found this bug, it's just not an option. Thanks to everyone who follows this. since I no longer have a working license.

This is a bug in Windows (namely in the WFP framework). They (MS) confirmed it already, they should release a hotfix soon. See here:

http://social.msdn.microsoft.com/Forums/en-US/wfp/thread/c023b15a-a319-471b-b1e4-401ecc7f59cc

Thanks for this info. Great to know I'll be able to use nod again soon. This bug fix should correct many stability issues NOD is having, if it's indeed it. Probably other similar programs too.

fixed: http://support.microsoft.com/kb/979223